Picus Cyber Threat Intelligence Report May 2023: Key Threat Actors, Vulnerable Regions, and Industries at Risk
Common Information

Field | Value
--- | ---
UUID | d6a1390f-a18e-4b36-b857-9dd64fd0bac2
Fingerprint | b50009518f51e7af
Analysis status | DONE
Considered CTI value | 2
Text language | 
Published | June 14, 2023, 11:50 a.m.
Added to db | June 14, 2023, 2:03 p.m.
Last updated | Nov. 17, 2024, 6:54 p.m.
Headline | Picus Cyber Threat Intelligence Report May 2023: Key Threat Actors, Vulnerable Regions, and Industries at Risk
Title | Picus Cyber Threat Intelligence Report May 2023: Key Threat Actors, Vulnerable Regions, and Industries at Risk
Detected Hints/Tags/Attributes | 199/3/47
Attributes

Type | Value | #Events
--- | --- | ---
CVE | cve-2023-27350 | 140
Domain | webhook.site | 50
Domain | ukr.net | 49
Domain | sekoia.io | 118
Domain | blog.sekoia.io | 58
Domain | securelist.com | 403
Domain | blog.cyble.com | 65
Domain | asec.ahnlab.com | 189
Domain | otx.alienvault.com | 55
Domain | thehackernews.com | 280
Domain | www.securityweek.com | 138
Domain | therecord.media | 99
Domain | greydynamics.com | 2
Domain | www.infosecurity-magazine.com | 133
Domain | www.group-ib.com | 101
Domain | www.cisa.gov | 469
Domain | www.sentinelone.com | 124
File | bl00dy-ransomware-gang-strikes.html | 1
File | www.inf | 384
File | attack-on-security-titans-earth-longzhi-returns-with-new-tricks.html | 1
File | void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html | 4
Threat Actor Identifier - APT | APT41 | 522
Threat Actor Identifier - APT | APT28 | 783
Url | https://blog.sekoia.io/bluenoroffs-rustbucket-campaign/ | 1
Url | https://www.sisainfosec.com/threat-a-licious/aukill-defense-evasion-tool-disables-edr-software-via-byovd-attack/ | 1
Url | https://socprime.com/blog/merdoor-malware-detection-lancefly-apt-uses-a-stealthy-backdoor-in-long-running-attacks-against-organizations-in-south-and-southeast-asia/ | 1
Url | https://blog.eclecticiq.com/chinese-threat-actor-used-modified-cobalt-strike-variant-to-attack-taiwanese-critical-infrastructure | 1
Url | https://securelist.com/cloudwizard-apt/109722/ | 1
Url | https://blog.cyble.com/2023/04/13/chameleon-a-new-android-malware-spotted-in-the-wild/ | 1
Url | https://blogs.blackberry.com/en/2022/05/dirty-deeds-done-dirt-cheap-russian-rat-offers-backdoor-bargains | 1
Url | https://www.bleepingcomputer.com/news/security/new-ra-group-ransomware-targets-us-orgs-in-double-extortion-attacks/ | 1
Url | https://asec.ahnlab.com/en/51746/ | 1
Url | https://otx.alienvault.com/pulse/642d624ccd3a7cca31c9e252 | 1
Url | https://thehackernews.com/2023/05/bl00dy-ransomware-gang-strikes.html | 1
Url | https://www.securityweek.com/microsoft-iranian-apts-exploiting-recent-papercut-vulnerability/ | 1
Url | https://therecord.media/lancefly-espionage-malware-backdoor-asia-apt | 1
Url | https://greydynamics.com/the-five-bears-russias-offensive-cyber-capabilities/ | 1
Url | https://www.infosecurity-magazine.com/news/earth-longzhi-disable-security/ | 1
Url | https://www.trendmicro.com/en_us/research/23/e/attack-on-security-titans-earth-longzhi-returns-with-new-tricks.html | 1
Url | https://www.infosecurity-magazine.com/news/us-sanctions-north-korea-entities/ | 1
Url | https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/ | 1
Url | https://www.group-ib.com/blog/hunting-sidewinder | 5
Url | https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-136a | 1
Url | https://www.trendmicro.com/en_us/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html | 4
Url | https://www.sentinelone.com/labs/kimsuky-ongoing-campaign-using-tailored-reconnaissance-toolkit/ | 1
Url | https://blog.sekoia.io/apt28-leverages-multiple-phishing-techniques-to-target-ukrainian-civil-society/ | 1
Url | https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-131a | 1